def start_tor(self):
""" This function executes the workflow
of starting the hidden service.
"""
if not self.local_port:
control_host = jm_single().config.get("PAYJOIN",
"tor_control_host")
control_port = int(jm_single().config.get("PAYJOIN",
"tor_control_port"))
if str(control_host).startswith('unix:'):
control_endpoint = UNIXClientEndpoint(reactor,
control_host[5:])
else:
control_endpoint = TCP4ClientEndpoint(reactor, control_host,
control_port)
d = txtorcon.connect(reactor, control_endpoint)
d.addCallback(self.create_onion_ep)
d.addErrback(self.setup_failed)
else:
d = Deferred()
d.callback(None)
d.addCallback(self.create_onion_ep)
# TODO: add errbacks to the next two calls in
# the chain:
d.addCallback(self.onion_listen)
d.addCallback(self.print_host)
def start_tor(self):
""" This function executes the workflow
of starting the hidden service and returning its hostname
"""
self.info_callback("Attempting to start onion service on port: {} "
"...".format(self.virtual_port))
if self.hidden_service_dir == "":
if str(self.tor_control_host).startswith('unix:'):
control_endpoint = UNIXClientEndpoint(
reactor, self.tor_control_host[5:])
else:
control_endpoint = TCP4ClientEndpoint(reactor,
self.tor_control_host,
self.tor_control_port)
d = txtorcon.connect(reactor, control_endpoint)
d.addCallback(self.create_onion_ep)
d.addErrback(self.setup_failed)
# TODO: add errbacks to the next two calls in
# the chain:
d.addCallback(self.onion_listen)
d.addCallback(self.print_host)
else:
ep = "onion:" + str(self.virtual_port) + ":localPort="
ep += str(self.serving_port)
# endpoints.TCPHiddenServiceEndpoint creates version 2 by
# default for backwards compat (err, txtorcon needs to update that ...)
ep += ":version=3"
ep += ":hiddenServiceDir=" + self.hidden_service_dir
onion_endpoint = serverFromString(reactor, ep)
d = onion_endpoint.listen(self.proto_factory)
d.addCallback(self.print_host_filesystem)
def testSSH101(self):
def finished():
pass
keypaths = [
# '/data/dev/beholder/sys/ssh-keys/client_rsa.pub',
'/data/dev/beholder/sys/ssh-keys/client_rsa'
]
keys = []
for keyPath in keypaths:
if os.path.exists(keyPath):
keys.append(readKey(keyPath))
knownHostsPath = '/home/jan/.ssh/known_hosts'
knownHosts = KnownHostsFile.fromPath(FilePath(knownHostsPath))
# for entry in knownHosts.iterentries():
# if entry.matchesHost(b"[localhost]:2222"):
# print("yess!!!!!!!!!!!!!!!!!!!!!")
# print(entry)
agentEndpoint = UNIXClientEndpoint(reactor,
os.environ["SSH_AUTH_SOCK"])
client = SSHCmdClient(b"localhost",
2222,
b"user",
keys=keys,
knownhosts=knownHosts,
agent=None)
self.assertIsNotNone(client)
endpoint = client.newConnection("ls")
self.assertIsNotNone(endpoint)
factory = Factory()
factory.protocol = TestProtocol
d = endpoint.connect(factory)
d.addCallback(finished)
return d
def sign(self, challenge):
if "SSH_AUTH_SOCK" not in os.environ:
raise Exception("no ssh-agent is running!")
factory = Factory()
factory.noisy = False
factory.protocol = SSHAgentClient
endpoint = UNIXClientEndpoint(self._reactor,
os.environ["SSH_AUTH_SOCK"])
d = endpoint.connect(factory)
@inlineCallbacks
def on_connect(agent):
# we are now connected to the locally running ssh-agent
# that agent might be the openssh-agent, or eg on Ubuntu 14.04 by
# default the gnome-keyring / ssh-askpass-gnome application
blob = _pack(['ssh-ed25519', self.public_key(binary=True)])
# now ask the agent
signature_blob = yield agent.signData(blob, challenge)
algo, signature = _unpack(signature_blob)
agent.transport.loseConnection()
returnValue(signature)
return d.addCallback(on_connect)
def main():
address = FilePath(sys.argv[1])
startLogging(sys.stdout)
factory = Factory()
factory.protocol = ReceiveFDProtocol
factory.quiet = True
endpoint = UNIXClientEndpoint(reactor, address.path)
connected = endpoint.connect(factory)
def succeeded(client):
return client.whenDisconnected
def failed(reason):
print("Could not connect:", reason.getErrorMessage())
def disconnected(ignored):
reactor.stop()
connected.addCallbacks(succeeded, failed)
connected.addCallback(disconnected)
reactor.run()
def fromConfig(cls, reactor):
keys = []
if "identity" in _CONFIG:
keyPath = os.path.expanduser(_CONFIG["identity"])
if os.path.exists(keyPath):
keys.append(readKey(keyPath))
knownHostsPath = FilePath(os.path.expanduser(_CONFIG["knownhosts"]))
if knownHostsPath.exists():
knownHosts = KnownHostsFile.fromPath(knownHostsPath)
else:
knownHosts = None
if "no-agent" in _CONFIG or "SSH_AUTH_SOCK" not in os.environ:
agentEndpoint = None
else:
agentEndpoint = UNIXClientEndpoint(reactor,
os.environ["SSH_AUTH_SOCK"])
if "password" in _CONFIG:
password = _CONFIG["password"]
else:
password = None
return cls(reactor, _CONFIG["host"], _CONFIG["port"],
_CONFIG["username"], password, keys, knownHosts,
agentEndpoint)
def fromCommandLine(cls, reactor, argv):
config = EchoOptions()
config.parseOptions(argv)
keys = []
if config["identity"]:
keyPath = os.path.expanduser(config["identity"])
if os.path.exists(keyPath):
keys.append(readKey(keyPath))
knownHostsPath = FilePath(os.path.expanduser(config["knownhosts"]))
if knownHostsPath.exists():
knownHosts = KnownHostsFile.fromPath(knownHostsPath)
else:
knownHosts = None
if config["no-agent"] or "SSH_AUTH_SOCK" not in os.environ:
agentEndpoint = None
else:
agentEndpoint = UNIXClientEndpoint(reactor,
os.environ["SSH_AUTH_SOCK"])
return cls(
reactor,
config["host"],
config["port"],
config["username"],
config["password"],
keys,
knownHosts,
agentEndpoint,
)
def get_connection_helper(reactor, address, username, port):
"""
Get a :class:`twisted.conch.endpoints._ISSHConnectionCreator` to connect to
the given remote.
:param reactor: Reactor to connect with.
:param bytes address: The address of the remote host to connect to.
:param bytes username: The user to connect as.
:param int port: The port of the ssh server to connect to.
:return _ISSHConnectionCreator:
"""
try:
agentEndpoint = UNIXClientEndpoint(reactor,
os.environ["SSH_AUTH_SOCK"])
except KeyError:
agentEndpoint = None
return _NewConnectionHelper(reactor,
address,
port,
None,
username,
keys=None,
password=None,
agentEndpoint=agentEndpoint,
knownHosts=KnownHostsFile.fromPath(
FilePath("/dev/null")),
ui=ConsoleUI(lambda: _ReadFile(b"yes")))
def main(reactor):
tor = yield txtorcon.connect(
reactor, UNIXClientEndpoint(reactor, "/var/run/tor/control"))
print("Connected to Tor version {}".format(tor.version))
url = 'https://www.torproject.org:443'
print("Downloading {}".format(url))
resp = yield treq.get(url, agent=tor.web_agent())
print(" {} bytes".format(resp.length))
data = yield resp.text()
print("Got {} bytes:\n{}\n[...]{}".format(
len(data),
data[:120],
data[-120:],
))
print("Creating a circuit")
state = yield tor.create_state()
circ = yield state.build_circuit()
yield circ.when_built()
print(" path: {}".format(" -> ".join([r.ip for r in circ.path])))
print("Downloading meejah's public key via above circuit...")
resp = yield treq.get(
'https://meejah.ca/meejah.asc',
agent=circ.web_agent(reactor, tor.config.socks_endpoint(reactor)),
)
data = yield resp.text()
print(data)
def __init__(self, reactor, socket_path=None):
super(IPCWorkerService, self).__init__()
self.reactor = reactor
self.socket_path = socket_path
if self.socket_path is None:
self.socket_path = get_ipc_socket_path()
self.endpoint = UNIXClientEndpoint(reactor, self.socket_path)
self.protocol = None
def connectClient(self):
class TraphClientFactory(Factory):
def buildProtocol(this, addr):
return self.client
t = TraphClientFactory()
if not self.corpus.factory.chatty:
t.noisy = False
UNIXClientEndpoint(reactor, self.socket).connect(t)
def agent_for_socks_port(reactor, torconfig, socks_config, pool=None):
"""
This returns a Deferred that fires with an object that implements
:class:`twisted.web.iweb.IAgent` and is thus suitable for passing
to ``treq`` as the ``agent=`` kwarg. Of course can be used
directly; see `using Twisted web cliet
<http://twistedmatrix.com/documents/current/web/howto/client.html>`_. If
you have a :class:`txtorcon.Tor` instance already, the preferred
API is to call :meth:`txtorcon.Tor.web_agent` on it.
:param torconfig: a :class:`txtorcon.TorConfig` instance.
:param socks_config: anything valid for Tor's ``SocksPort``
option. This is generally just a TCP port (e.g. ``9050``), but
can also be a unix path like so ``unix:/path/to/socket`` (Tor
has restrictions on the ownership/permissions of the directory
containing ``socket``). If the given SOCKS option is not
already available in the underlying Tor instance, it is
re-configured to add the SOCKS option.
"""
# :param tls: True (the default) will use Twisted's default options
# with the hostname in the URI -- that is, TLS verification
# similar to a Browser. Otherwise, you can pass whatever Twisted
# returns for `optionsForClientTLS
# <https://twistedmatrix.com/documents/current/api/twisted.internet.ssl.optionsForClientTLS.html>`_
socks_config = str(socks_config) # sadly, all lists are lists-of-strings to Tor :/
if socks_config not in torconfig.SocksPort:
txtorlog.msg("Adding SOCKS port '{}' to Tor".format(socks_config))
torconfig.SocksPort.append(socks_config)
try:
yield torconfig.save()
except Exception as e:
raise RuntimeError(
"Failed to reconfigure Tor with SOCKS port '{}': {}".format(
socks_config, str(e)
)
)
if socks_config.startswith('unix:'):
socks_ep = UNIXClientEndpoint(reactor, socks_config[5:])
else:
if ':' in socks_config:
host, port = socks_config.split(':', 1)
else:
host = '127.0.0.1'
port = int(socks_config)
socks_ep = TCP4ClientEndpoint(reactor, host, port)
returnValue(
Agent.usingEndpointFactory(
reactor,
_AgentEndpointFactoryUsingTor(reactor, socks_ep),
pool=pool,
)
)
def setUp(self):
path = self.mktemp()
self.app = fixture(self)
self.port = reactor.listenUNIX(
path,
Site(self.app.resource()),
)
self.addCleanup(self.port.stopListening)
self.agent = ProxyAgent(UNIXClientEndpoint(reactor, path), reactor)
super(RealTests, self).setUp()
def __init__(self, reactor, socket_path=None):
super().__init__()
self.reactor = reactor
self.socket_path = socket_path
if self.socket_path is None:
self.socket_path = get_ipc_socket_path()
self.endpoint = UNIXClientEndpoint(reactor, self.socket_path)
self._protocol = None
self.protocol = DeferredValue()
self.processId = DeferredValue()
def new(cls, pubkey=None, reactor=None):
"""
Create a proxy for a key held in SSH agent.
:param pubkey: A string with a public Ed25519 key in SSH format.
:type pubkey: unicode
"""
pubkey = _read_ssh_ed25519_pubkey(pubkey)
if not reactor:
from twisted.internet import reactor
from twisted.internet.defer import inlineCallbacks, returnValue
from twisted.internet.protocol import Factory
from twisted.internet.endpoints import UNIXClientEndpoint
from twisted.conch.ssh.agent import SSHAgentClient
if "SSH_AUTH_SOCK" not in os.environ:
raise Exception("no ssh-agent is running!")
factory = Factory()
factory.noisy = False
factory.protocol = SSHAgentClient
endpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"])
d = endpoint.connect(factory)
@inlineCallbacks
def on_connect(agent):
keys = yield agent.requestIdentities()
# if the key is found in ssh-agent, the raw public key (32 bytes), and the
# key comment as returned from ssh-agent
key_data = None
key_comment = None
for blob, comment in keys:
raw = unpack(blob)
algo = raw[0]
if algo == u'ssh-ed25519':
algo, _pubkey = raw
if _pubkey == pubkey:
key_data = _pubkey
key_comment = comment.decode('utf8')
break
agent.transport.loseConnection()
if key_data:
key = signing.VerifyKey(key_data)
returnValue(cls(key, key_comment, reactor))
else:
raise Exception("Ed25519 key not held in ssh-agent")
return d.addCallback(on_connect)
def get_agent(self):
"""
Get the SSH agent endpoint.
"""
reactor = self.reactor
if "SSH_AUTH_SOCK" in os.environ:
agent_endpoint = UNIXClientEndpoint(reactor,
os.environ["SSH_AUTH_SOCK"])
else:
agent_endpoint = None
return agent_endpoint
def assemble():
transport = {
"type": "rawsocket",
"url": "ws://localhost/ws",
"endpoint": UNIXClientEndpoint(reactor, sock_path),
"serializer": "cbor",
}
component = Component(transports=[transport],
realm="deskconn",
session_factory=GPIOComponent)
component._transports[0].max_retries = 0
return component
def ensure_agent_has_ssh_key(reactor, key):
"""
Check that the running ssh-agent has the private key corresponding to the
provided key.
:param reactor: The reactor to use to connect to the agent.
:param Key key: The ssh key to check for in the agent.
:return Deferred: That fires with a successful result if the key is found.
Otherwise, fails with ``AgentNotFound`` or ``KeyNotFound``.
"""
try:
agent_socket = os.environ["SSH_AUTH_SOCK"]
except KeyError:
return fail(AgentNotFound())
if not key.isPublic():
key = key.public()
action = start_action(
action_type="flocker.provision.ssh:check_agent_has_ssh_keys",
key_fingerprint=key.fingerprint(),
agent_socket=agent_socket)
with action.context():
agent_endpoint = UNIXClientEndpoint(reactor, agent_socket)
agent_protocol = SSHAgentClient()
connected = DeferredContext(
connectProtocol(agent_endpoint, agent_protocol))
connected.addCallback(lambda _: agent_protocol.requestIdentities())
def check_keys(results):
for key_data, comment in results:
agent_key = Key.fromString(key_data, type='blob')
Message.new(message_type="flocker.provision.ssh:agent_key",
key_fingerprint=agent_key.fingerprint(),
commnet=comment).write()
if agent_key == key:
return True
raise KeyNotFound(expected_key=key)
connected.addCallback(check_keys)
def disconnect(result):
agent_protocol.transport.loseConnection()
return result
connected.addBoth(disconnect)
return connected.addActionFinish()
def main(reactor):
ep = UNIXClientEndpoint(reactor, '/var/run/tor/control')
tor = yield txtorcon.connect(reactor, ep)
def log(msg):
print msg
print "Connected to a Tor version", tor.protocol.version
for event in ['INFO', 'NOTICE', 'WARN', 'ERR']:
tor.protocol.add_event_listener(event, log)
is_current = yield tor.protocol.get_info('status/version/current')
version = yield tor.protocol.get_info('version')
print("Version '{}', is_current={}".format(
version, is_current['status/version/current']))
yield defer.Deferred()
def setUp(self):
# We use relpath as you can't bind to a path longer than 107
# chars. You can easily get an absolute path that long
# from mktemp, but rather strangely bind doesn't care
# how long the abspath is, so we call relpath here and
# it should work as long as our method names aren't too long
path = os.path.relpath(self.mktemp())
self.app = fixture(self)
self.port = reactor.listenUNIX(
path,
Site(self.app.resource()),
)
self.addCleanup(self.port.stopListening)
self.agent = ProxyAgent(UNIXClientEndpoint(reactor, path), reactor)
super(RealTests, self).setUp()
def open(self):
"""open the connection to the lircd socket"""
def gotProtocol(result):
"""now we have a connection"""
self.protocol = result
self.protocol.wrapper = self
logDebug(self, None, 'got lirc protocol')
def gotNoProtocol(result):
"""something went wrong"""
print "got no connection to lirc: %s" % result
point = UNIXClientEndpoint(reactor, self.irwSocket, timeout=2)
factory = ClientFactory()
factory.protocol = LircProtocol
point.connect(factory).addCallback(gotProtocol).addErrback(
gotNoProtocol)
def installPools(pools, maxClients=5, reactor=None):
if reactor is None:
from twisted.internet import reactor
for name, pool in pools.items():
if pool["ClientEnabled"]:
if pool.get("MemcacheSocket"):
ep = UNIXClientEndpoint(reactor, pool["MemcacheSocket"])
else:
ep = GAIEndpoint(reactor, pool["BindAddress"], pool["Port"])
_installPool(
name,
pool["HandleCacheTypes"],
ep,
maxClients,
reactor,
)
def passTo(self, host, protocol):
orig_socket = protocol.transport.socket
if not host:
host = b'default'
try:
for vhost in self.vhosts:
if vhost.hostname.match(host):
dest_socket = vhost.socket
endpoint = UNIXClientEndpoint(reactor, dest_socket)
connected = endpoint.connect(Factory.forProtocol(Protocol))
connected.addCallback(
partial(self.passClientTo, orig_socket))
connected.addBoth(partial(self.disconnect, protocol))
return
finally:
pass
def main(reactor, *argv):
if "SSH_AUTH_SOCK" not in os.environ:
raise Exception("no ssh-agent is running!")
factory = Factory()
factory.protocol = SSHAgentClient
endpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"])
d = endpoint.connect(factory)
@inlineCallbacks
def on_connect(proto):
print("connected to agent. keys held currently:")
keys = yield proto.requestIdentities()
for blob, comment in keys:
print("Key: {}".format(comment))
proto.transport.loseConnection()
return d.addCallback(on_connect)
def main(reactor):
"""
Close all open streams and circuits in the Tor we connect to
"""
control_ep = UNIXClientEndpoint(reactor, '/var/run/tor/control')
tor = yield txtorcon.connect(reactor, control_ep)
state = yield tor.create_state()
print("Closing all circuits:")
for circuit in list(state.circuits.values()):
path = '->'.join(map(lambda r: r.id_hex, circuit.path))
print("Circuit {} through {}".format(circuit.id, path))
for stream in circuit.streams:
print(" Stream {} to {}".format(stream.id, stream.target_host))
yield stream.close()
print(" closed")
yield circuit.close()
print("closed")
yield tor.quit()
def ConnectToChaperone(cls, reactor, chaperoneDetails, playgroundAddress):
if cls.__muxer:
cls.__muxer.chaperone.connectionLost("Chaperone and/or Address Change")
if cls.__muxer.chaperone.transport:
cls.__muxer.chaperone.transport.loseConnection()
if len(chaperoneDetails) == 2:
addr, port = chaperoneDetails
chaperoneEndpoint = TCP4ClientEndpoint(reactor, addr, int(port))
elif len(chaperoneDetails) == 1:
chaperoneEndpoint = UNIXClientEndpoint(reactor,
chaperoneDetails[0])
else:
raise ValueError('expected (addr, port) or (socket,) tuple but got %s' % chaperoneDetails)
cls.__muxer = BotMuxer(playgroundAddress)
cls.__playgroundAddress = playgroundAddress
return connectProtocol(chaperoneEndpoint, cls.__muxer.chaperone)
def __init__(self, args=None):
'''Args must be an object with the following attributes:
socketpath, verbose
Suitable defaults will be supplied.'''
# Pass command line args to ProtocolIVSHMSG, then open logging.
if args is None:
args = argparse.Namespace()
for arg, default in self._required_arg_defaults.items():
setattr(args, arg, getattr(args, arg, default))
self.args = args
# checkPID looks for <socketpath>.lock which the server sets up
# as a symlink to file named <PID>
E = UNIXClientEndpoint(TIreactor,
args.socketpath,
timeout=1,
checkPID=False)
E.connect(self)
def start_tor(self):
""" This function executes the workflow
of starting the hidden service and returning its hostname
"""
self.info_callback("Attempting to start onion service on port: {} "
"...".format(self.port))
if str(self.tor_control_host).startswith('unix:'):
control_endpoint = UNIXClientEndpoint(reactor,
self.tor_control_host[5:])
else:
control_endpoint = TCP4ClientEndpoint(reactor,
self.tor_control_host,
self.tor_control_port)
d = txtorcon.connect(reactor, control_endpoint)
d.addCallback(self.create_onion_ep)
d.addErrback(self.setup_failed)
# TODO: add errbacks to the next two calls in
# the chain:
d.addCallback(self.onion_listen)
d.addCallback(self.print_host)
async def _main(reactor):
if False:
print("launching tor")
tor = await txtorcon.launch(reactor, progress_updates=print)
else:
tor = await txtorcon.connect(
reactor,
UNIXClientEndpoint(reactor, "/var/run/tor/control"),
)
print("Connected to tor {}".format(tor.version))
# here, we've just chosen 1234 as the port. We have three other
# options:
# - select a random, unused one ourselves
# - put "ports=[80]" below, and find out which port txtorcon
# selected after
# - use a Unix-domain socket
# we create a Tor onion service on a specific local TCP port
print("Creating onion service")
onion = await tor.create_onion_service(
ports=[(80, 1234) # 80 is the 'public' port, 1234 is local
],
private_key=
'RSA1024:MIICWwIBAAKBgQCmHEH1y7/RUUeeaSTgB3iQFfWMep38JDlAbDoEPltRxzgEh8bXMsNbemdiCuZmJVni96KrRh2/I2NwWi6C81xfcA8BjVzdCmEbL1B+KOeqZlrjoEMQl56NpbXIIzFZdyILaQtv3EZMoShNHSkta6e66oWUu2B2fkluwYyPxRAdvQIDAQABAoGAYkObHX2PlpK/jE1k3AZvYsUqwhSTOuJu39ZmJ7Z/rQvt7ngnv4wvFwF9APmzvD9iQir+FtXeqQCVRZSDqUGvpW0WgA+8aDA3BGWCZwKhWRWj18RLjsMX+wKP6OBpSIlNjELU8zc5PWWsCmT7AqAdVD7vqp2895LiP4M8vwwZB30CQQDb/fjoG1VWpFWXgjRHEYOoPj7d7J5FcRrbSgc57lvMv/2+4OVl2aRaGEjigfBnR7Pjbyxv/5K1h078PBWNumjPAkEAwUyN3SLJOMBM74LS2jh9AB/sNitLT7/O1f8zT0siC58TmTbeZsj3VqSsmrUiVSptQcOm+5F0UPvYxsI+B2UbswJAdV9dq8jZkS6AlCNd7QUFL4B2XkVedEJSR+mJTXlE9UsCARNQkTS7oW4PhPo633+8FH4+QUskZUHZ/G26OjHYtQJAIAKyd418LzbBRuSuUE8MfEnND0dqKGHGOfASKi5yC+SjFTtd5z2eoC2TG+elMN9eyoZBD+YNkh+yzW97YDQhOwJAKFKLmdlJve1lJah1ZllZfk2ipNeYVX+q1Mv7TE6IXGqU/Xt3HS8h9Zd8ml/Yms1z9X7hFIjQ/XcSiJhqcin8Vg==',
version=2, # FIXME use v3; using old tor for now
progress=print,
)
# we're now listening on some onion service URL and re-directing
# public port 80 requests to local TCP port 1234.
app = create_aio_application()
runner = web.AppRunner(app)
await as_deferred(runner.setup())
site = web.TCPSite(runner, 'localhost', 1234)
await as_deferred(site.start())
# now we're completely set up
print("Onion site on http://{}".format(onion.hostname))
await Deferred()
def connectionSecure(self):
self._state = b'AUTHENTICATING'
def running_cb(_):
self._state = b'RUNNING'
cb = Deferred()
cb.addCallback(running_cb)
self._user_auth = UserAuth(os.getlogin(), ClientConnection(cb))
if "SSH_AUTH_SOCK" in os.environ:
agentEndpoint = UNIXClientEndpoint(reactor,
os.environ["SSH_AUTH_SOCK"])
d = self._user_auth.connectToAgent(agentEndpoint)
else:
d = succeed(None)
def agent_init_done(_):
self.requestService(self._user_auth)
d.addBoth(agent_init_done)
